Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

If it wasn't for the fact that most System Administrators are more comfortable with Linux or Windows (And many of the new ones are not too willing to expand that much on the command line). I would have all my servers running OpenBSD. You get it set it up to do the Job you want and let it work.

It doesn't support as much hardware as Linux, of course, but it's still pretty good [openbsd.org]. Anecdotally, I personally haven't had a device supported by Linux but not OpenBSD, but I have run into devices supported by OpenBSD but not FreeBSD.

Hence my somewhat cowardly use of "necessarily". Given the fairly substantial standardization of core hardware in the x86 market(ie. either an Intel chip with an Intel chipset, or an AMD chip with either an AMD chipset or one of the remaining Nvidia ones, along with wired NIC by Intel or Broadcom and wireless by Intel, Broadcom, or a couple of others) it is hard to go too far wrong even with laptops; but laptops are the sorts of places were "realtek did something fucked up with the supposedly standardized '

Running it as a home router on an Intel Atom mini-itx motherboard. It recognized a Tenda (forgot the real model) N-150 wireless device and I was able to quickly put it to use on WPA2 with just ifconfig and wpa-psk to convert the key to a hex. No need for cheesy software.
Its also running its rootfs on a 2gb usb card (mutable stuff such as/var/log is running on mfs (memory file system). OpenBSD is fantastic for the job.

In the spirit of curiosity, is your Atom board one of the early ones were Intel was pairing atoms with SiS chipsets, or one of the later with a 945, or one of the still later with the NM10, or whatever intel is calling their atom-specific chipset these days?

I used a PowerPC Mac Mini as a server for a few years, and had no problems with OpenBSD hardware support. Everything worked with the same interfaces as on x86. YellowDog Linux also kind-of supported the hardware, but things were strangely different from x86 (e.g. Linux puts CPU and power management stuff behind different interfaces on different architectures) and the admin interface was just different enough from RedHat to be irritating, while OpenBSD on PowerPC Mac worked just like OpenBSD everywhere else.

A sysadmin probably wouldn't have noticed that it wasn't x86. A developer would only have noticed if they did anything endian-specific, not if they stuck to public OS interfaces. While I had the machine, I wrote some software for showing the CPU and power status which ran on a variety of systems. It had a simple abstraction layer, where each target platform implemented a few functions for platform-specific stuff. For OpenBSD, each function was one sysctl() call. I wrote them on PowerPC, someone else tested them on SPARC, x86 and x86-64, and they worked everywhere. For Linux, I had to add a dependency on a 300KB library that abstracted the differences between the different versions of Linux on x86... and then was told by the first person that tested it on PowerPC Linux that it didn't work properly there.

So, I'd say hardware support is pretty good on OpenBSD. More importantly, the OS actually does its job and abstracts the hardware so developers don't have to pretend that they're writing DOS applications and ship a different code path for every possible combination of hardware on OpenBSD.

So, I'd say hardware support is pretty good on OpenBSD. More importantly, the OS actually does its job and abstracts the hardware so developers don't have to pretend that they're writing DOS applications and ship a different code path for every possible combination of hardware on OpenBSD.

I don't think you are wrong in your experience or conclusion but when people talk about "hardware support" they are not referring to whether it will run on older architectures (Apple hasn't sold a PPC in nearly half a decade). Rather, they are talking about drivers for all the random peripherals they've accumulated -- wireless mice, webcams, joysticks, scanners, wifi cards, bluetooth modules. The number of people frustrated by installing an OS and not having it support no-name bluetooth module XXX or Broadc

they are not referring to whether it will run on older architectures (Apple hasn't sold a PPC in nearly half a decade)

Sorry, but the Mac Mini was brand new when I put OpenBSD on it. Apple stopped selling PowerPC machines during the time it was operational. Its sales accounted for something like 2% of total PC sales in that year, yet the only two operating systems that supported it well are OS X and OpenBSD.

for the last couple years, http://www.openbsd.org/i386.html#hardware [openbsd.org]
very good, works with all the wireless and USB devices I've plugged into it including cameras, several types of wireless ethernet, usb to serial. Yes, it works on my Toshiba and Thinkpad laptops with all video and sound ok, admittedly as one of two alternate partitions for grand occassions with windows xp, and not my main Linux one.; A lot of the recent device additions of that is due to NetBSD and FreeBSD, the BSD license is great for s

The other poster already pointed out that it's got documentation. The OpenBSD team will actually back out commits that don't come with updates to the relevant man pages. Try this on OpenBSD: go through/dev, and look up every device that's listed there. Then go through/etc/ and look up every file that's there. Now try it on Linux (or FreeBSD or OS X, for that matter). OpenBSD is the only system I've used where you will actually find documentation on every device and every config file that's part of the standard install.

More importantly, you only need to read the documentation once. Unlike Linux, OpenBSD does not replace admin tools with functionally equivalent ones with a new interface every six months. If you learn how to use OpenBSD, then you know how to use OpenBSD, on any architecture. If you learn how to use Linux, then you know how to use one version of one distribution of Linux, probably on one architecture.

The Debian project is probably responsible for the majority of (non-upstream) man pages on all linux distros. It is against Debian policy to not have a man page for every command.

True. But when I used Debian (2.1, 2.2, 3.0), if I had a nickel for every "man page" that said nothing but something like "Policy requires us to have a manpage, so this is a placeholder," I could buy you lunch.

More importantly, you only need to read the documentation once. Unlike Linux, OpenBSD does not replace admin tools with functionally equivalent ones with a new interface every six months. If you learn how to use OpenBSD, then you know how to use OpenBSD, on any architecture. If you learn how to use Linux, then you know how to use one version of one distribution of Linux, probably on one architecture.

scrub in all reassemble tcpnat pass on $ext_if from $home_network to $internet -> ($ext_if:0)

Ugh. I went through the OpenBSD 4.7 upgrade torture test last weekend. For those who don't know what we're talking about, the firewall config file syntax change in a backward-incompatible way between OpenBSD 4.6 and 4.7. It wasn't possible to boot into the new system without largely rewriting the file, which is kinda inconvenient when the machine in question is your primary firewall.

It was a good upgrade and I like the new version better, but it wasn't exactly painless.

Ugh. I went through the OpenBSD 4.7 upgrade torture test last weekend. For those who don't know what we're talking about, the firewall config file syntax change in a backward-incompatible way between OpenBSD 4.6 and 4.7. It wasn't possible to boot into the new system without largely rewriting the file, which is kinda inconvenient when the machine in question is your primary firewall.

It was a good upgrade and I like the new version better, but it wasn't exactly painless.

I fortunately have been generating my pf.conf from an XSLT on an XML file for a few years now, so it was a relatively simple matter of changing a single line in the file that is generating the XSLT*, and then using make. So, it was relatively pain-free for me.

*: Why am I using a file to generate the XSLT? Have you SEEN the XSLT language? It's horrible and designed for machines. The file I'm using adds a layer of abstraction that makes XSLT a useable language for human beings.

Um, if pf.conf so bad?:-D Seriously, I just edit it with vim. It's the easiest firewall system I've dealt with.

Oh, I also got nailed by the old nat and rdr rules having an implicit "quick" and I had "block all" at the end of the file. The new syntax rules with pass aren't automatically quick, so I had to rearrange the rules a little.

Um, if pf.conf so bad?:-D Seriously, I just edit it with vim. It's the easiest firewall system I've dealt with.

No, pf.conf isn't bad at all. But the XML file holds more than just my firewall rules. It holds all the information necessary to produce my named lists (forward and reverse), as well as my dhcpd.conf. Oh yeah, as well, it produces an HTML "netinfo" file which has all the network information in pretty print format, with links and all.

Basically, the XML file describes my whole network, and keeps things consistent so I don't have to keep things consistent by hand.

More importantly, you only need to read the documentation once. Unlike Linux, OpenBSD does not replace admin tools with functionally equivalent ones with a new interface every six months. If you learn how to use OpenBSD, then you know how to use OpenBSD, on any architecture. If you learn how to use Linux, then you know how to use one version of one distribution of Linux, probably on one architecture.

Version: is it unfair to expect things to actually *change* between versions? I don't think so.

Hardware: you described upthread your problems with Yellowdog Linux on x86 and PPC.
I cannot explain that experience. Yellowdog Linux must suck, because I'm using Debian on x86 and PPC, and there
are *no* unreasonable differences. The only ones I can think of is the bootloader and the disk partitioning scheme,
and

and what's with that "architecture" crack? It runs on more architectures than most Linux multi-arch distros. For example, comparing it with Debian, it doesn't run on the S/390 or Itanium but all the others, but also supports four more Debian doesn't have.

You are comparing a complete distribution to a kernel? Try comparing it (and it's pathetic application and arch support) to a decent one running the linux kernel.

That's the problem: the Linux kernel is more capable (in terms of features, performance, and other areas I have not thought to list), but there is no decent Linux distribution. Userspace is what matters, and OpenBSD is simply the best Unix/Unix-like distribution out there. As a bonus, the kernel is good enough, clearly-written, and extremely well

With Linux, you know there will be a totally new gui config utility that you have to use with each major release. And the userland will shift around, depending on the mood of the aggregator who puts together whichever 'distro' you happen to use.

With a BSD, you set it up to do the job you want and with a few minor tweaks of/etc files for major updates you just keep on keeping on.

OpenBSD: Two remote vulnerabilities in the default install in ~12 years. None in the last 2 years.
Running a 2 year old copy of OpenBSD still safe (unless you make it otherwise). Your Linux ISO from 2 weeks ago is already vulnerable.

It is funny that there was nothing in -current serious enough to be a security/errata patch yet with 4.9; with most releases there would be a few by now. Maybe it'll be known as the "golden release" if that turns out to be true for another couple months.

I run OpenBSD and I appreciate how (relatively) maintenance free it is, but that claim has *always* bugged me.

Two remote vulnerabilities in an install that leaves no services running in ~12 years, huh. Fascinating. Nevermind that almost nobody actually runs a system without services, or that a glance at the errata page shows that basically any non-root bug on OpenBSD can be escalated to give root privs. I dunno where you've been, but Linux distros stopped shipping with every service under the sun running a

I find that the problem is with going from windows to anything else. If you know one flavor of Unix the others aren't fairly easy to pick up. On any given day I may work on Linux, AIX, Solaris, OpenBSD, HP-UX, or windows. I prefer any of the others to windows even with their own idiosyncrasies and I was a windows user for a long time. I got my feet wet on *nix with X and now prefer the good old command line for a lot of what I do.

The OpenBSD technology is amazing; I'd recommend that any Linux user gives it a try to see how a Unix is supposed to work. Simple, flexible, consistent, robust, and superbly documented (there are man pages for everything, including the internal kernel APIs needed to write device drivers!). I just wish it had apt, that's all. (And better non-PC support. My main server's an ARM.)

It's even more amazing if you've ever interacted with the OpenBSD community, who are basically dickheads. Admittedly, it's been a while since I gave up on the -misc, but the last time I was there there was some poor guy trying to discuss virtualisation and the lead developers (including Theo) were simply hurling childish abuse at him rather than, say, actually trying to communicate. And of course all their groupies were joining in. It was incredibly unpleasant.

I suppose it's possible that they've grown up since then. I really wish they would; OpenBSD deserves a lot more attention and use. But I was so turned off by the total lack of anything resembling professionalism in the community (which is weird, because the actual docs are brilliant) that I haven't felt like going back.

However there are many people who try to seem smarter than they're, and they might deserve to be made fun of.

Leaving aside the moral debate of when a person deserves mistreatment, what is the value of abusively mocking someone in a public forum? It does not raise the level of discourse to something productive. At the least it's a kind of friction and so energy goes out the window as a kind of heat loss. Maybe it's a kind of turbulence that amplifies the original wobble of stupidity rather than smoothing things back into a laminar flow. Maybe it promotes a culture of antagonism, resulting in rampant friction an

Well, as much as I love OpenBSD, not much has changed on the mailing list. The misc@ list has a very low tolerance of people whom they percieve as stupid or even newbies. Remember, we were all newbies once.

... low tolerance for stupidity -- absolutely.... newbies, you need to be more specific. It's lazy newbies who don't RTFM (that's F as in fine) or provide appropriate information in a problem report that get roasted.

wow, way to grab the wrong end of the stick and start beating around the bush with it.Good OSes don't need virtualization - it is a crap solution to work around even crappier OSes (windows, I should add since I'm sure discerning subtlety isn't your strong point).

It's even more amazing if you've ever interacted with the OpenBSD community, who are basically dickheads. Admittedly, it's been a while since I gave up on the -misc, but the last time I was there there was some poor guy trying to discuss virtualisation and the lead developers (including Theo) were simply hurling childish abuse at him rather than, say, actually trying to communicate. And of course all their groupies were joining in. It was incredibly unple

If your hardware is older, OpenBSD is a safer environment - if your CPU does not implement the NX bit, OpenBSD manages the same functionality with W^X. Many other memory-handling features make the system safer (malloc with mmap, rather than sbrk, for example), although there can be a performance penalty.

OpenBSD implements privilege separation in many of the daemons of the base system (ftpd, dhcpd, ntpd, sshd), so you can trust them more.

1. First install it wouldn't boot. Seems it didn't save the partitions correctly, so tried again. This time it booted.2. Home and end keys don't send you to the end or beginning of the command line you're on. Mac also does this. It annoys the hell out of me. One thing windows and linux got right.3. It comes with vi by default but trying to install vim was a hassle. And once you get it installed, it's not used by default. Instead you gotta create an alias

1: Can't help ignorance, you probably forgot to set something as bootable. I've done it myself.2: I agree, but OpenBSD supports so many different architectures that it makes sense that they do nothing out of the box.3: vi is not vim. Of course installing vim doesn't replace vi.The vi included with OBSD is OBSD's vi.4: You also have to install openssh server on any linux before people can log in. You don't have to jump through hoops to let people log in, you do however need to make sure people are in the rig

1. First install it wouldn't boot. Seems it didn't save the partitions correctly, so tried again. This time it booted.

2. Home and end keys don't send you to the end or beginning of the command line you're on. Mac also does this. It annoys the hell out of me. One thing windows and linux got right.

3. It comes with vi by default but trying to install vim was a hassle. And once you get it installed, it's not used by default. Instead you gotta create an alias on your shell login script. But even then I could not get that working. On linux, when you install vim, it replaces vi. If I use the command vi after I install vim, it'll use vim. On bsd it keeps both, leading to frustrations.

4. You need to install openssh server after and then go through hoops to allow users to login.

This really did remind me of linux back in 1995. It's archaic and you must remember work arounds. How hard is it to make these modifications be part of the standard install? Why weren't they done a long time ago? I'm sure if you started making stuff as "easy" as linux, you'll attract more users. But from trying it myself, I can see why it's used by so many few people.

Whine #1 You screwed it up. Don't blame OBSD. You could have read the install documentation prior to attempting an installation. They are on the web site.

Whine #2 If this makes your top 5 pet peeves, OBSD must be really great. You could fix the keyboard issue if you were to read the manuals. Is that a problem for you?

Whine #3 Have you considered that OBSD is multiuser? Maybe others will want to use original vi. You consider yourself competent to critique a Unix based OS and yet you are unable to

Oh, I know Theo likes to keep telling everyone how secure OpenBSD is, but every time anyone does discover an exploit in it he's quick to point out some ingenious way in which it doesn't really count. He's like that one kid that everyone knew at school who would just not accept that he was "it" when you were playing tag - always some bullshit made-up-on-the-spot rule why tagging him didn't count.

Speaker:(after talking about hald)Poettering: "Ok, hald has been deprecated for 2 years, not my fault people still use it."speaker: Yes, but it's got these limitations, we should get rid of it, do you agreePoettering: No, when we designed it it was great, it did all these things that could never be done beforespeaker: but it never workedPoettering: you're doing it wrong, it worked great.

The guy interrupted the speaker for the entire talk and then got up and stage after him and took the mic. What an asshole. Completely regardless of whether or not you disagree with the speaker, it's just plain rude to interrupt a talk like that.